AI for the rest of us

Welcome to the AI community for everyone.

Hello friends,

It was a big week for our community! The AI for the rest of us meet-up this week was our largest yet! 110 people came together on Thursday to learn about “AI coding the right way” with Daniel Jones (re:cinq), Corey Leigh Latislaw (JustEat Takeaway) and Norberto Lopes (Incident.io).

Another huge thank you to our hosts at Tessl, especially to Sam who was tirelessly bringing in more chairs as the room filled up! Without our generous sponsors this community would not be possible and we are currently looking for sponsors to support our next meetups in March, April and May. Please reach out if you’re interested!

For those who didn’t make it to the meet-up Hannah has included some of the key takeaways and insights in her section below. It's a rather long section this week, so go and put the kettle on!

Charles wasn’t at the meet-up, but has had a busy week on the publishing front, interviewing Adrian Mouat, formerly of Container Solutions and now at Chainguard for a GOTO Unscripted podcast on container security; writing the second sponsored article for a series with Kin Lane for The New Stack; and writing some personal reflections about the future of programming for LeadDev (more on this in his section below).

He also went to see the London Contemporary Orchestra playing cinematic suites from Jóhann Jóhannsson, with Anthony Weeden conducting and Adam Wiltzie on the electronics. They played music from Sicario, The Mercy, Prisoners, The Theory of Everything, and one of Charles’ favorite films, Arrival. Jóhannsson, who died tragically young at 48, wrote music with a unique sound world, tonal, organic, distinctive and atmospheric. It was wonderful to hear it performed live.

Have a wonderful week!

Hannah and Charles

What’s Hannah reading this week?

On Thursday Daniel Jones gave us a brilliant talk about his experience training 100 developers to get the most from Agentic Coding tools. There were so many excellent take aways in this talk but one that will stay with me is the 11 step model of AI coding maturity.

These 11 steps are based on the 8 steps outlined earlier this year by Steve Yegge in his post Welcome to Gas Town.

The 11 steps are:

Copy/paste code from a chat app
AI code completions
Non-agentic IDE features
Agentic IDE - narrow pane, manual approvals
Agentic IDE - agent is main focus, manual approvals
Terminal agent - manual approvals
Terminal agent - skip permissions
Multiple terminal agents - skip permissions
Five or more agents, managed by hand, each with own interface
Using a software factory (e.g. Gas Town)
Building your own software factory

Don’t feel bad if you and your team are somewhere at the lower end of this list. That’s where most of us are today. I also don’t think that “Building your own software factory” is the right destination for most teams, it would be a considerable investment and it’s inevitable that the community will eventually converge on a smaller number of projects or patterns. I’ll be keeping one eye on how projects like Gas Town and Swamp.Club evolve!

I’ve been talking to engineering leaders and developers as part of my research for an upcoming talk at QCon London about the composition of software development teams. Is a single developer and a software factory the future state? Daniel Jones proposes that it is! Norberto Lopes instead advocated for the role of Product Engineer, something that’s been implemented successfully at Incident.io. The role brings elements of product thinking into the domain of the engineering team, which makes perfect sense on a product like Incident where engineers are the user. I was encouraged to hear that engineers at Incident also have direct access to customers, to validate assumptions and ensure their ideas solve a real customer need.

Stian Kirkeberg provided this great summary on LinkedIn, quoting Andrew Ng’s observation that the correct ratio of PM to Dev has moved from 1:8 to 2:1. That’s right, he’s advocating for a ratio of 2 Product Managers to every 1 Developer. Stian shares that his team at NBIM is experimenting with a ratio of 1:2.

“What we're seeing at NBIM: In several of our AI projects, development now moves faster than the business can keep up. The problem isn't development capacity. It's lack of clear specs, fast decisions, and tight feedback loops.

We're now piloting 2+1 as our new project model: two developers and one business user. The business user owns prioritization, gathers domain knowledge, and ensures the team never waits for answers. A steering group of two holds short check-ins to prevent scope creep.”

On the topic of team composition Kief Morris, Thoughtworker and author of Infrastructure as Code recently shared his thoughts in his post “The return of NoOps: Let's use AI to finish the job DevOps started.” Back in the early days of DevOps where terms like NoOps gained popularity it was because Ops was viewed as a source of friction, preventing increasingly agile dev teams from delivering to their users. The problem back then was that shifting “Opsy” responsibility into the Dev team was almost impossible, your average Dev team didn’t have the skills.

Kief reframes NoOps:

"The real point of NoOps was that ops folks should provide tools and systems that remove themselves completely from the developer's workflow. And that point is more relevant than ever."

I wholeheartedly agree with that, but personally I would take it a step further. When we consider Developer Experience and Developer Tooling we are not just building for human users anymore. It’s the coding agents we are designing for. In a product epiphany this week I added a separate user persona of a coding agent. I’m not anthropomorphising these agents, but I do want to separate their product needs from those of the human developers. A successful Coding Agent creates successful Developers - this is the future I’m now building towards!

If you’re also experimenting with new role definitions or team composition I’d love to hear from you and incorporate your early insights into my upcoming talks! Let me know!

What's Charles reading this week?

A popular AI "vibe-coding" platform called Orchids has been found to contain a serious, unpatched security vulnerability which allowed a researcher to take over a journalist's computer without any action from the victim.

Orchids, which claims one million users and counts Google, Uber, and Amazon among its clients, is considered one of the best in its class. But cybersecurity researcher Etizaz Mohsin demonstrated to the BBC how an attacker could silently inject malicious code into a user's project and gain full access to their machine.

Mohsin stresses he has not found the same flaw in other platforms like Claude Code, Cursor, or Lovable — but experts say the incident is a broader warning about agentic AI tools that operate with deep, largely unsupervised access to our devices. The advice from security professionals is to use these tools on a dedicated, separate machine, and treat any experimentation with caution.

As long time subscribers will know, last December I was lucky enough to be in Sydney with YOW! Conferences, and one moment from Kent Beck's keynote has stayed with me ever since. His answer to the rhetorical question “What will programming look like in two years?” was that nobody knows, and he suggested that even getting to "it depends" would be progress, because we don't yet know what it depends on.

That honesty was refreshing, and a little unsettling. Over the past year I've had a lot of conversations with people who are struggling with this uncertainty — worried CS students, industry veterans, and attendees at AI for the rest of us who told me, quietly, that they were grieving. One of those conversations was with my lovely mother-in-law Lesley Finne, who wrote code on punch-card systems in Kenya in the 1960s. Her story reminded me that we've been here before, and that the people who navigated those earlier shifts weren't necessarily the ones who adapted fastest.

I wrote about all of this for quite a personal article for LeadDev. If you're feeling anxious or uncertain about where our industry is heading, I hope it's useful. I look at what Kent's 3x model tells us about the moment we're in, which skills are likely to hold their value, and why careful, skeptical attention might matter more right now than moving fast.

There is a somewhat related article from Paul Ford, in the form of an excellent op-ed for The New York Times. I find it extraordinary (and very honest) that he admits gen AI “is an ecological disaster“ but goes on to say that he doesn’t care because it’s fun.

“All of the people I love hate this stuff, and all the people I hate love it. And yet, likely because of the same personality flaws that drew me to technology in the first place, I am annoyingly excited.” - Paul Ford

Thinking of grieving, Google has announced its latest Lyria 3 AI model is now deployed in the Gemini app, vastly expanding access to AI music generation. Select the new "Create music" option in the Gemini app or web UI, describe what you want, upload an image to help it get the right vibe, and in a few seconds you get music — or something vaguely like it. It’s interesting to contrast the output with someone like Jóhannsson who, whether you like what he did or not, was at least original. I love music, and I hate this so, so much.

Raphael Satter and Sam Tabahriti have been testing xAI’s Grok for Reuters and, you won’t be surprised to learn, have found that the curbs on it don’t work. The chatbot still produces sexualised images — even when told the subjects don’t consent, even when told the photos will be used for public humiliation, and even when told the subjects are survivors of abuse. Kent Beck was right that we don't yet know what any of this depends on. But some things, it turns out, aren’t uncertain at all.